Security Basics mailing list archives

Re: Antivirus- A Corrective Control?


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 10 Aug 2011 11:54:21 -0500

kartik.netsec () gmail com writes:

> Hi, I have a confusion whether Antivirus is a Preventive control or a Corrective control? I am preparing for CISSP
> and somewhere I have read that AV is a corrective control. I somehow disagree with this point.
>
> I believe AV can only be a corrective control if the machine (without AV) gets infected and then AV software is
> installed on it.
>
> On the other hand, a machine already having an AV installed should be taken as a Preventive control.
>
> Any inputs please?

What makes intuitive sense and what ISC2 considers the correct answer
may not intersect.  Such is the problem with certifications/exams.
#include <the_usual_long_meandering_battle_over_certification_worth.h>

Logically, though, AV can surely be argued for as a 
     o preventive (in the 30-some% of the time where it actually
       detects and blocks malware before it runs),
     o corrective (when it can clean an infection it doesn't
       detect before infection perhaps due to signature lag, but
       does find on a retrospective full scan), 
     o detective (tells you about the 1 thing it knows about so
       you can scrutinize the host and maybe find the 4 other
       things it's infected with that it didn't know about) control.

AV can also be thought of as a "mandated by audit drivers control" or
simply a "theatrical control."  But that's me failing to resist the
urge to be snarky with respect to AV's efficacy in preventing malware
infections these days.

As for what ISC2 wants on such a question, I must defer, though.  A
more CISSP focussed forum might give more/better/more current answers
than this list if you don't get what you seek here.
Ethicalhacker.net has a CISSP board. 

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
